A Recipe for OpenID-Enabling Your Site

spiralhead · on July 18, 2007

curious--is anybody actually using OpenID or is it like one of those things everyone promotes publicly on principle (like feeding hungry kids in 3rd world countries) but ignores privately?

inklesspen · on July 18, 2007

Livejournal is. Ficlets.com is. Basecamp is. So are many smaller sites. https://www.myopenid.com/directory has a list.

And I use it on ficlets and basecamp. (I already have a paid LJ account; in fact, my LJ account is my openid.)

pg · on July 18, 2007

We are (or rather Robert Morris is) working now on adding support for it on news.yc.

sharpshoot · on July 19, 2007

with sitepass?

benhoyt · on July 18, 2007

I'd heard of it before, but I really discovered it when we were implementing it for microPledge. Anyway, I signed up with MyOpenID -- and yeah, I'll use it for sign-ups from now on (if the website in question supports it).

steve · on July 19, 2007

That little phishing problem is still unsolved, yes?

inklesspen · on July 19, 2007

In the sense that a rogue site can pretend to support openid, but actually present a copy of the openid provider's site, yes. People just have to be careful to check the domain name and SSL cert, just like everywhere else.

Wordpress.com has an interesting way of handling this; when you use your wordpress.com openid, it doesn't let you log in from the page you get redirected to. You have to manually go to the front page by typing in the address, log in there, and then continue. It's annoying, but probably patches the hole.

steve · on July 19, 2007

Thank god openid is here to make logging in so much easier!..

tx · on July 20, 2007

I like the idea but I dot believe it will work. Major players (Amazon, Google, Yahoo, Microsoft) are NOT interested in open standards for their user authentication. This is why Microsoft Passport failed and this is why Google Checkout will fail and OpenID will follow their "lead".